Kapta — list of subprocessors
This list is referenced by the DPA. Last updated: 2026-05-12.
Tenants are given advance written notice before a new subprocessor is added or replaced (DPA § 4.2).
| Subprocessor | What we share | Why | Where they are | Transfer mechanism |
|---|---|---|---|---|
| FareHarbor (Booking.com) | Tenant's booking data (received from FareHarbor → returned to us via the booking-lookup endpoint when we replay) | Booking source — the tenant has separately contracted with FareHarbor; Kapta acts on the data already entrusted to FareHarbor | United States | SCCs in place between the tenant and FareHarbor; Kapta's role is processing-by-passthrough |
| Stripe (Stripe Payments Europe, Ltd. + Stripe Inc.) | Tenant company name, contact email, billing address, VAT ID, payment method tokens (for the tenant — NOT the tenant's customers) | Recurring billing for the Kapta subscription | Ireland + United States | Stripe DPA + EU SCCs (2021/914) — Module 3 (processor → sub-processor) for the Stripe Inc. (US) leg, because Kapta acts as processor for the tenant on its billing data. Stripe is also independently a controller for fraud-prevention; per-flow allocation follows stripe.com/legal/dpa |
| Holded (Eseyfact, S.L.) | Tenant's end-customer invoice data | The tenant's chosen invoicing provider | Spain | EU — no transfer mechanism needed |
Invoicing-provider relationship
The invoicing providers are NOT classical subprocessors in the "recipients we choose" sense — each tenant deliberately picks their provider and gives us an API key. We forward the booking-derived invoice data to whichever provider that tenant chose. The relationship is still listed here because tenants need to know the data flows out of Kapta.
For tenants who haven't chosen a provider, the data simply doesn't leave Kapta.
Source: docs/legal/SUBPROCESSORS.md